Wscript.exe and Cscript.exe must not be accessible by users other than the SA and Web Manager.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2264 | WG470 IIS6 | SV-38332r1_rule | ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| Windows Scripting Host (WSH) is installed under either a Typical or Custom installation option of a Microsoft Network Server. This technology permits the execution of powerful script files from the Windows NT command line. This technology is also classified as a Category I Mobile Code. If the access to these files is not tightly controlled, a malicious user could readily compromise the server by using a form to send input to these scripting engines. This is a web-related vulnerability that could exist on any NT / Win 2000 system regardless of the web server software being used on the platform. |
| STIG | Date |
|---|---|
| IIS6 Server | 2015-06-01 |
Details
| Check Text ( C-37722r1_chk ) |
|---|
| 1. Select Start > Search > Search for instances of Wscript.exe and Cscript.exe. 2. If found, navigate to these files > right click on them to view their properties. 3. Permissions should only exist for the System, the SA, and Web Manager (i.e. Full Control). 4. User accounts with access to these files that are unknown or unintended to the SA or Web Manager should be removed. If these files have permissions for accounts other than the System, SA, or Web Manager, this is a finding. |
| Fix Text (F-32969r1_fix) |
|---|
| Remove Wscript.exe and Cscript.exe files from the server, or restrict access to these files to the SA, the Web Administrator, and the system account. |